Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Rob Watkins 311 posts 477 karma points
    1 week ago
    Rob Watkins
    0

    417 Missing token suddenly occurring on all our sites

    We have several Umbraco sites that have been working fine, then on Monday (15th May) clients on various sites starting reporting that they were seeing no content on login.

    Checking it out, it is returning 417 Missing Token on various services on login; an F5 will make everything work.

    It is consistent every time; log in, nothing works, F5, everything works.

    Seems to be a common error but with various causes; I have cleared cookies, restarted site, no dice. Reproducible every time.

    The initial login sends a UMB_UCONTEXT cookie (and my app cookie for site users).

    The F5 sends that + cookies XSRF-TOKEN and XSRF-V, and extra header X-XSRF-TOKEN.

    Replaying the requests in the object inspector will reliably give the same results, so clearly it is the headers that are causing the problem.

    Any ideas how to fix? And why it's suddenly started happening?

  • Rob Watkins 311 posts 477 karma points
    1 week ago
    Rob Watkins
    0

    Update: 7.5 works; so we can upgrade if it is not patchable.

    I would prefer a fix however.

  • Craig Mayers 70 posts 211 karma points
    1 week ago
    Craig Mayers
    0

    Hi Rob,

    I have seen this issue a few times...

    I would suggest just simply upgrading if it is feasible for you. If you manage to find a fix, please post it here for the rest of the community. ;)

    Good luck!

    Craig

  • Bob 35 posts 137 karma points
    1 week ago
    Bob
    0

    Same issue.... I don't have the option to upgrade but I would prefer a fix?? Is this something Umbraco have done or something that had been caused by a change?

  • Ihor 8 posts 39 karma points
    1 week ago
    Ihor
    0

    I have the same issue.... Please let community know if somebody find fix

  • Ihor 8 posts 39 karma points
    1 week ago
    Ihor
    0

    Hi All,

    Looks like I found a workaround. I cannot upgrade Umbraco to the latest version so I had to find a solution. For now, I use version 7.2.8

    So I downloaded Umbraco sources from here: https://github.com/umbraco/Umbraco-CMS/releases/tag/release-7.2.8

    And made a small change in AuthenticationController from Umbraco.Web project

    1) Deleted SetAngularAntiForgeryTokens attribute from PostLogin method

    2) Added new private method (in fact just copied piece of code from SetAngularAntiForgeryTokensAttribute)

    private void ValidateCookies(HttpContextBase context) {
           if (context.Request.Cookies.Get(AngularAntiForgeryHelper.AngularCookieName) != null
                && context.Request.Cookies.Get(AngularAntiForgeryHelper.CsrfValidationCookieName) != null)
            {
                return;
            }
    
            string cookieToken, headerToken;
            AngularAntiForgeryHelper.GetTokens(out cookieToken, out headerToken);
    
            var angularCookie = new HttpCookie(AngularAntiForgeryHelper.AngularCookieName, headerToken)
            {
                Path = "/",
                //must be js readable
                HttpOnly = false,
                Secure = GlobalSettings.UseSSL
            };
    
            var validationCookie = new HttpCookie(AngularAntiForgeryHelper.CsrfValidationCookieName, cookieToken)
            {
                Path = "/",
                HttpOnly = true,
                Secure = GlobalSettings.UseSSL
            };
    
            context.Response.Cookies.Add(angularCookie);
            context.Response.Cookies.Add(validationCookie);
        }
    

    3) Use this method from PostLogin method (just before return)

         ...
         ValidateCookies(http.Result);
         return result;
    

    So it looks like something wrong with cookies when we set it from ActionFIlter. It simply does not return cookies in response.

    Briefly tested it on two different websites and it looks fine now. I can log in and there isn't broken token errors. Maybe it breaks something else so I will make more tests

    Please let me know if somebody find another solution.

    Thanks Ihor

  • Bob 35 posts 137 karma points
    7 days ago
    Bob
    0

    We still have this issue. Surprised no one from Umbraco had come forward to explain why this occurred in the first place

  • Rasmus Söderström 1 post 71 karma points
    3 days ago
    Rasmus Söderström
    0

    We also have this issue. Can confirm this occurs on multiple versions, up to 7.2.8. More details on our issue here: http://issues.umbraco.org/issue/U4-9873

    We think our issue first appeared when migrating to Windows Server 2016.

    Have you made any changes to the hosting environment?

Please Sign in or register to post replies

Write your reply to:

Draft